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Abstract. Size-Change Termination is an increasingly-popular technique for verifying 
program termination. These termination proofs are deduced from an abstract representa- 
tion of the program in the form of size-change graphs. 

We present algorithms that, for certain classes of size-change graphs, deduce a global 
ranking function: an expression that ranks program states, and decreases on every tran- 
sition. A ranking function serves as a witness for a termination proof, and is therefore 
interesting for program certification. The particular form of the ranking expressions that 
represent SCT termination proofs sheds light on the scope of the proof method. The 
complexity of the expressions is also interesting, both practicaly and theoretically. 

While deducing ranking functions from size-change graphs has already been shown 
possible, the constructions in this paper are simpler and more transparent than previously 
known. They improve the upper bound on the size of the ranking expression from triply 
exponential down to singly exponential (for certain classes of instances). We claim that 
this result is, in some sense, optimal. To this end, we introduce a framework for lower 
bounds on the complexity of ranking expressions and prove exponential lower bounds. 



Automatic termination analysis is a rapidly growing field; it represents exciting progress 
in the theory and application of program analysis. Two widely-cited foundational publica- 
tions are Podelski and Rybalchenko [llj and Lee, Jones and Ben-Amram |10j . The former 
promoted the use of local ranking functions (or relations) for termination proofs; the latter 
presented the Size-Change Termination (SCT) framework. SCT is, in essence, a class of 
abstract programs (in other words, transition systems), that happen to be conveniently 
represented as graphs (known as size-change graphs). These abstract programs can be used 
to safely approximate the semantics of an actual program, while capturing invariants that 
are crucial to a termination proof. 

A global ranking function is a function of program states that decreases towards its 
lower bound in every program transition, thus providing a direct witness to termination. 
It is a folklore theorem that a program terminates if and only if such a function exists. 
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while (x, y > 0) 

if x>y then x := x-y 
else y := y-x 
return max(x,y) 

Figure 1: A gcd program. One ranking function for the loop is the maximum among the 
variables. Another is their sum. 



But global ranking functions can be complex and difficult to find, even for simple kinds of 
programs (for example, the programs that we will consider in this work). Both [llj and [10\ 
circumvent the construction of a global ranking function. In fact, they are closely related: 
as clearly explained in [6], SCT termination proofs fit the local framework of 

The problem addressed in this work is that of deriving an explicit expression for a global 
ranking function for a given SCT instance (despite the fact that a termination proof can be 
obtained without it). Why are global ranking functions interesting? Firstly, for theoretical 
understanding of size-change termination : identifying a class of ranking functions that 
captures all terminating instances provides a clue to the scope of the proof method (what 
behaviours are captured by the method, what ordinals may be captured etc.). Effectively 
constructing a ranking function is a challenge because it is not at all obvious how to do 
it, even when a function is known to exist; and developing such an algorithm provides 
new insights into the subject. Secondly, for applications: an explicit ranking expression 
may provide an easy-to-verify witness to termination, since verification only amounts to 
checking it against every transition. Such a witness is not provided by the local methods. 
As pointed out by Krauss [8], if a global ranking function (of sufficiently simple form) could 
be constructed automatically, it would allow a theorem prover to certify the termination 
claim while allowing the tool that searches for the termination proof to stay outside the 
trusted (formally verified) code base. One can also consider applications to proof-carrying 
code, where again the desire is for the proof to be given as a certificate that is easier to check 
than to find. Finally, an interesting potential application to bound the excution time of 
programs, since a ranking function provides a progress measure. However, such application 
is not immediate, since the range of our functions is, in general, not the integers (i.e., not 
the order type u), but u;*^ for some k). 

For all these reasons, we are interested in the form and complexity of global ranking 
functions that suffice for SCT programs, and in algorithms for their automatic construction. 
Early publications on SCT identified several special cases: programs where the maximum, 
minimum, or sum of a set of variables decreases (Figure [1]) , programs with a lexicographic 
descent (the ubiquitous Ackermann's function), and programs with multiset-descent p^H]. 
Lee [9] established for the first time that a ranking function can be automatically constructed 
for any terminating SCT instance, always of the following form: 

min(max Si , max 5*2 , ... ) 

where max Si represents the maximum element among a set Si of vectors (tuples) of variables 
and constants, where vectors are lexicographically ordered. 

Let us give an example. Figure [2] shows a program, and the graphs in Figure [3] represent 
it in SCT form. The three graphs correspond to the three alternatives in the loop body. 
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while (x,y,z 


> 0) 




do either 






(x,y,z) 


:= (y-1, 


y-1, f(x,y,z)) 


1 (x,y,z) 


:= (x-1, 


X, f(x,y,z)) 


1 (x,y,z) 


:= (y-1, 


y, z-1) 


Figure 2: A terminating 


5 program. 


Function f is considered unknown, "do either" is nonde- 


terministic. 
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3;ure 3: Size-change graphs 


for the program in Figure 2. 



with arcs representing data flow and heavy arcs representing descent (for precise definitions 
of size-change graphs, see Section [2]). 

A ranking function for this program is p{x,y,z) = max{(y, 0, z), {x,l,z)} (in this in- 
stance the min operator is unnecessary; this could be expected, as Section [5] will show). A 
straight-forward way to verify this is to check each graph in turn, considering each possibil- 
ity among y > x, y = x and y < x. For example, take the first graph. Assume that initially 
y > X. Then the initial maximum is {y,0,z); since the transition decreases y, there is no 
doubt that p descends. 

Contributions of this work. We provide new algorithms to construct ranking functions for 
a restricted, but interesting, class of SCT instances: fan-in free (or fan-out free) graphs. 
We feel that the new constructions are far more transparent than the previous one, which 
involved a lengthy detour through the determinization of Biichi automata. In contrast, 
the new ones are based on direct analysis of SCT graphs. They employ a technique of 
including composite values, such as tuples or sets of variables, as single data items, and 
showing that this simplifies the SCT analysis. The inclusion of tuples reflects the role of 
lexicographic descent; sets of variables give rise to descent in multiset orders (see Section 2). 
Thus the constructions also provide one more example of the usefulness of multiset orders 
in termination-related reasoning. In terms of expression size, we reduce the upper bound 
from triply-exponential as in [9] to singly-exponential. 

An additional contribution of this work is the formulation of a lower-bound framework 
and the proof of exponential lower bounds, which imply that our upper complexity bounds 
are, in a certain sense, optimal. 

Structure of this paper. The next section provides the formal introduction, giving necessary 
definitions. In Section 3 we review some results that we are using from previous work. 
Then, in Sections 4 and 5 we give the new construction for fan-out free, then fan-in free. 
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graphs. Section 6 is concerned with lower bounds. In Section 7, we discuss the connection 
of our results to a more general theorem of Blass and Gurevich. Section 8 concludes. 

2. Definitions 

In this section we list the necessary definitions involving SCT, ranking functions, and 
their connection. Enough definitions are given to make the paper formally self-contained 
and to fix the terminology (which is, unfortunately, not uniform across SCT-related work). 

2.1. Program representation. Let Val be a well-ordered set of data values. 

Definition 2.1. A control-flow graph (CFG) is a directed multigraph {F,C). The nodes 
are called flow-chart points or just flow-points. The set of arcs from f £ F to g £ F is 
denoted Cfg. 

For each f £ F, we have a distinct set of variables Var(f). 

One of the nodes, /o, is initial or starting point. All nodes are reachable from /q. 

Often, we further assume that /o is also reachable from all nodes, or equivalently that the 
graph is strongly connected; it is well-known that termination analysis can be done one 
strongly-connected component at a time. 

The variables Var{f) are supposed to represent data pertinent to the program state 
when the program is at point /. 

To avoid cumbersome notations, we make in this paper the following assumption: 

All sets Var{f) have the same size n. 
We also reserve the identifier m for 1^1. 
Definition 2.2. The set of (abstract) program states is 

St = {{f,a)\f eF, a: Var{f) ^ Val}. 

Thus, a state is defined by a program point and a store a applicable to that point. A 
state will be cutomarily denoted by s and we sometimes implicitly assume that its compo- 
nents are (/, a). 

A remark about the notion of abstract state may be in order. While in simple settings 
(such as [lOj), Var{f) may correspond precisely to constituent variables of the concrete pro- 
gram state, this is not true in general. In many applications of SCT, static program analysis 
is used to determine properties of a state that are (or may be) relevant to termination, e.g., 
the difference of two integer variables, the depth of a recursion or closure stack, etc. The 
original presentation of SCT referred to programs that process data types, such as lists and 
trees, that can be ranked by their size, height etc; in this case we may prefer to think of 
the abstract value as a member of Var{f) rather than the list or tree itself. There are also 
examples where it is worthwhile to include two abstractions (norms) of the same concrete 
object. 

Definition 2.3. For f,g £ F, a size-change graph (SCG) with source / and target g is 
a bipartite directed graph with source nodes corresponding to Var{f) and target nodes 
corresponding to Var{g). We write this fact as G : / — > 5. Each arc of G (called a 
size-change arc) is labeled with an element of the set {J,,^}. 
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^ — ►- V V ^ — >- V 



Figure 4: A multipath as a layered graph, with a highlighted complete thread. 



Size-change arcs represent constraints on state transitions (/, cr) i— > {g,(j'). The arcs 
have the following meaning: 

A strict arc x y represents the assertion a{x) > cr'{y) 

A non-strict arc x ^ y represents the assertion cr(x) > cr'(y). 

We write G \= (/, cr) i-^ {g, a') if all constraints are satisfied; we say that transition 
(/, a) I— > {g, a') is described by G. 

We write x — > y € G if there is an arc from x to y in G (however labeled). 

An SCT instance, also known as annotated control-flow graph (ACG), is a CFG where 
every arc c & Gjg is annotated with a size-change graph Gc f ^ g- 

An SCT instance is customarily denoted by G and often viewed as a set of SCG's, the 
CFG being implicitly specified. 

2.2. The SCT condition. 

Definition 2.4. A Q-multipath is a sequence M = G1G2 ■ ■ ■ of elements of Q that label a 
(finite or infinite) directed path in the CFG. 

The path in the CFG is often denoted by as (the abbreviation stands for call sequence — 
originating in a functional programming setting where transitions model calls). The mul- 
tipath corresponding to cs is called Mcs- The front of the multipath is the source point of 
Gi, the rear of a finite multipath is the target of the last transition, and if both are one 
and the same flow-point, the multipath is referred to as a cycle (in fact, its underlying CFG 
path is a cycle). 

We extend the notation G ^ s 1-^ s' to finite multipaths as follows: 

G1G2 . . .Gk \= So ^ Sk (3si, . . . , Sfc-i)(Vi)Gi \= Si ^ Si+i 

A multipath is ofen viewed as the (finite or infinite) layered directed graph obtained by 
identifying the target nodes of Gj with the source nodes of Gj+i (Figured]). 

Definition 2.5. Let M be a t/-multipath. A thread in M is a (finite or infinite) directed 
path in the layered directed graph representation of M. We say that the thread is from x 
to y if the thread begins with variable x and ends with y. 
A thread is complete if it spans the length of M. 

A thread is descending if it includes a strict arc; it is infinitely descending if it includes 
infinitely many strict arcs. 

Intuitively, threads carry information along the computation, and this intuitive meaning 
enters the language we are using, so for example we might say that variable x is carried by 
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a thread to variable y (which impUes that the initial value of x constrains the final value of 
y), or that a certain set of variables is carried by threads to some other set. 

More precisely, a thread represents a sequence of values generated during a computation, 
that form a weakly decreasing chain in Val; and an infinitely descending thread indicates 
an infinitely-decreasing chain of values. Under the assumption of well-foundedness of Val, 
such an infinite chain cannot exist. This consideration leads to the following definition: 

Definition 2.6 (The SCT Condition). Q is said to satisfy SCT, or be a positive SCT 
instance, or terminate, if every infinite multipath contains an infinitely-descending thread. 

We next formalize the manner in which the SCT condition (which is purely combina- 
torial) relates to a semantic notion of termination. 

Definition 2.7 (Tg). The transition system associated with Q is the relation Tg over St 
defined by 

(s, s') G Tg <^=^ G \= s s' ioT some G £ Q. 
We say that Tg is terminating if there is no infinite chain in Tg . 
Theorem 2.8. Tg is terminating if and only if Q satisfies SCT. 

The "if" part of this theorem (soundness of the SCT criterion) follows directly from 
well-foundedness. For the "only if" direction see [9]. Thus, SCT is a sound and complete 
termination criterion for the corresponding class of transition system. 

SCT is decidable (it would be a far less interesting abstraction otherwise); note that this 
is possible because the corresponding transition systems are restricted and only approximate 
real programs. A well-known way to decide SCT is the so-called closure algorithm, which 
consists of computing a transitive closure of G and checking idempotent graphs: we now 
review the pertinent definitions and facts, following [10]. 

Definition 2.9. The composition of size-change graph Gi : f — > g with G2 : g — > h is a 
size-change graph with source f , target h and arc set U E^, where 

E^ = {x ^ z \ X ^ y £ Gi, y ^ z £ G2, ri or r2 is 1} 
E^ = {x^z\x^yeGi, y^z£G2, x-^z^E^}. 
The composition is denoted by Gi; G2. 

Definition 2.10. Graph G is idempotent if G; G = G. 

Note that an idempotent graph must have the same fiow-point for both source and 
target, i.e., it describes a cycle in the control-fiow graph. 

Theorem 2.11. Let denote the composition- do sure of Q. SCT is satisfied by Q if and 
only if every idempotent graph in has an arc x x for some x. 

A variation in which every graph in the closure (regardless of idempotence) is tested is 
described in [12l |6]. 



RANKING FUNCTIONS FOR SIZE-CHANGE TERMINATION II 



7 



2.3. Ranking functions. 

Definition 2.12. Let T be a transition system over state-space St. A (global) ranking 
function for T is a function p : St ^ W, where is a well-founded set, such that {s, s') € 

r p{s) > pis'). 

Let P{s, s') be any predicate, where s, s' are free variables representing states. We write 
G ^ P{s,s') if 

Definition 2.13. A (global) ranking function for an SCT instance ^ is a function p : St ^ 
W, where is a well-founded set, that constitutes a ranking function for Tg. Equivalently, 
it satisfies G \= p(s) > p{s') for every G £ G. 

For convenience, we often "Curry" p and write p{f,cr) as Pf{cr). 

Complexity measures. In this paper we are interested in explicit construction of ranking 
functions. Thus the ranking functions will be given by expressions, combining the values 
of program variables with appropriate operators (such as min, max etc.). The complexity 
measure we are mostly interested in is the size of the expression. 

Also of interest is the time to construct the expression (if the proof is constructive). 
Naturally, this time is lower-bounded by the expression's size. 

Notations. If a flow point / has variables x,y, . . . , then it is natural to write a ranking 
function using these variable names, e.g., pf{x,y, . . .) = max(x, y, . . . ). But technically, 
a ranking function is a function over St. To iron out the formality, we use notations as 
defined next. 

Definition 2.14. Let S C Var{f). Then MAXVAL^5 is max{cj(x) | x G 5}. For fixed 5, 
this is a function of a. Similarly, MINVALg-S is min{cr(x) | x G S}. 

2.4. Subclasses of SCT. Previous work on SCT has identified certain structural sub- 
classes of SCT as interesting. By structural, we mean that the subclass is defined by impos- 
ing a constraint on the structure of the size-change graphs. The following three subclasses 
will play a role in this work: 

• In Fan-in free graphs, the in-degree of all nodes is at most 1. Fan-in free graphs are 
discussed in [3', T!]. A benchmark evaluation described in [4J demonstrated that such 
graphs occur frequently when size-change graphs are extracted from Prolog programs. 
In [1], it was shown that fan- in freedom makes an extended (and harder) form of SCT, 
called 5SCT, decidable. 

• In Fan-out free graphs, the out-degree of all nodes is at most 1. The interest in this 
subclass is mostly due to its being defined symmetrically to fan-in free graphs, and yet 
sometimes easier to work with. For example, in this paper we will handle fan-out free 
graphs first. 

• Strict SCT graphs have exclusively strict arcs. This again is a class which is introduced 
because it is easier to work with. In particular, as shown in [9], this class admits a simple 
ranking-function construction; we will make use of that construction in this work. 
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2.5. Multiset orderings. In the example given in Section 1, as well as in many classical 
examples, it is useful to define the rank of a state as a tuple that is shown to descend 
lexicographically. In previous work on termination, it has been discovered that in some 
cases, it is useful to form not a tuple, but a multiset of values, and exhibit descent in 
an appropriate multiset order. In particular, such orders turn out useful in constructing 
ranking functions for SCT; this subsection presents the necessary definitions. 

Definition 2.15 (Simple Multiset Order, SMO). Let A,B be finite multisets over Val. We 
write ^ > if > (the cardinality of A is larger) or if |^| = \B\ and the sets can be 
listed as A = {ai, 02, . . . } and B = {bi, 62, ... } with Oj > bi for all i and aj > bi for at least 
one i. We write A > B for the non-strict variant. 

For example, let A = {4,3,3,0} and B = {4,3,2,0}. Then we have A> B. If we let 
C = {4,3,2,1}, we have neither A>C, nor C > A: these sets are incomparable. SMO is 
thus a partial order. 

Let k > and suppose that \A\ = \B\ = k; it is easy to verify that A > B means that 
a sorted listing of A is lexicographically greater than a sorted listing of B. This is true 
for both descending sort and ascending sort; which suggests two ways of completing SMO 
to a total order over fc-element multisets. To complete the last example, since (4, 3, 2, 1) 
is lexicographically smaller than (4,3,3,0), multiset C is smaller according to descending 
sort. However, according to ascending sort, we find that C is greater, as (1,2,3,4) is 
lexicographically greater than (0,3,3,4). 

Comparing lists in descending sorted order yields the total order called multiset order by 
Dershowitz and Manna, who defined it in a more general fashion and showed its usefulness 
in termination proofs. Comparing ascending lists results in the so-called dual multiset 
order [4]. In this work, we will make use of both total orders. We emphasize, however, 
that we only use them for sets of equal cardinality (which simplifies their definitions). If 
1^1 > \B\, we shall always consider A to be bigger. 

A total order is needed, in particular, for the definition of min and max operators. 

Definition 2.16. Let A, B be finite multisets over Val. We define min(^, B) and max(A, B) 
as follows: if \A\ ^ \B\, then min(^, i?) is the smaller multiset and msix(A, B) is the larger. 
If \A\ = \B\, mm{A,B) is the smaller under dual multiset order, while max(^, i?) is the 
bigger under multiset order. 

The definitions extend naturally to define minimum and maximum over a finite set 
of multisets. In all cases, the operator can be implemented by choosing the lexicographic 
minimum, or maximum, among the tuples that represent the multisets (with elements in 
ascending order for min, descending order for max). The choice of two different orderings 
to define min and max may seem strange, but it will be seen to work best later in the 
paper. 

3. Some Previous Results 

This section summarizes some previous work on SCT, including definitions and con- 
structions that we shall use. 
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Gi : / ^ / G2 : / / G3 : / ^ / 

Figure 5: An SCT instance with strict arcs only 

3.1. Thread preservers. The concept of thread preservers was introduced in [4J. We cite 
the definition and a useful theorem. 

Let V = Var{f), the combined set of variables in the whole abstract program. 

Definition 3.1. Let Q be an ACG and V its set of variables. A set P C V is called a thread 
preserver for Q if for every G £ Q where G : / — it holds that whenever x G { Var{f)nP), 
there is x— >y G G for some y £ P. 

It is easy to see that the set of thread preservers of a given ACG is closed under union. 
Hence, there is always a unique maximal thread preserver (MTP) for Q, which we denote 
by MTP(^). It is further shown in [4J that given a standard representation of Q, M.TP{Q) 
can be found in linear time. This is significant because the MTP is useful — among else for 
constructing ranking functions. 

3.2. Ranking functions for strict SCT. Throughout this subsection, Q is presumed 
strongly connected. 

The following theorem is from [9j: 

Theorem 3.2. Let G be a terminating, strict SCT instance. There exists an indexed set 
{Sf}, where for every f G F, Sf is a set of subsets of Var{f), such that the function 

p{f, a) = min MAXVAL^X 

xeSf 

is a ranking function for Q . 

For example, consider the SCT instance in Figure [5l It has the ranking function 

a) = min(MAXVAL^{x, y}, MAXVAL^{x, z}, MAXVAL<^{y, z}). 

The correctness of this function can be verified, as usual, by checking graph by graph and 
assuming in turn each ordering of the values of the variables. 

The worst-case size of a function of the above form is exponential, related to the number 
of different subsets of Var(/), which is 2". For more details, see [U § 3.1]. Next, we give 
two special cases of particular interest, which are already implicit in [4|. The first case is 
that oi fan- out free graphs: 

Theorem 3.3. If Q is a terminating, strict, fan- out free SCT instance, then Q has a non- 
empty thread-preserver; and for any such preserver P, the function 

pif, a) = MINVAL,, ( yar(/) n P) 

is a ranking function for Q . 
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The theorem follows from the following two lemmas. The first we only cite, referring 
the reader to [H § 6] for a proof. The second one we prove, because the proof is simple and 
clarifies the significance of thread preservers in connection with ranking. 

Lemma 3.4. Suppose that Q is strict and fan- out free. Then Q is size-change terminating 
if and only if Q has a non-empty thread-preserver. 

Lemma 3.5. Suppose that Q has a non-empty thread preserver P, and let 

pif, a) = MINVAL,( Varif) n P) . 
For allG £0, p{s) > p{s'). If Q is strict, then G \= p{s) > p{s'). 

Proof. Let G \= (/, u) ^ {f ,a'). By the definition of a thread preserver, we have, for all 
X € ( Var{f) fl P), a{x) > a'{y) for some y € Var{f') HP. If x is such that a{x) is minimum 
(i.e., MINVAL<^( Var(/) nP) is cr(x)), we have p{f,a) = a{x), whereas pif, a') < a{y). 
Combining the three relations, we get p{f',a') < p{f,a). 

If Q is strict, then a{x) > a'{y) and the inequality becomes strict. □ 

The case of fan-in free graphs is symmetric to that of fan-out free graphs. In order to 
exploit this symmetry, we use the technique of transposing the size-change graphs. 

Definition 3.6. If G : / ^ is a size-change graph, G* denotes its transposition, which is 
a size-change graph with source g, target /, and arcs {y^x\x^y£ G}. For a set Q of 
size-change graphs, = {G* | G € Q}. 

Observation 3.7 ([4j). g satisfies SCT if and only if does. 

Clearly, G is fan-in free if and only if G* is fan-out free. Now we can use this for a 
ranking-function construction. 

Theorem 3.8. If g is a terminating, strict, fan-in free SCT instance, then g^ has a non- 
empty thread-preserver; and for any such preserver P, the function 

p{f,a) = MAXVAL^( Var(/) n P) 

is a ranking function for g. 

The fact that ^* has a non-empty thread-preserver follows from Observation 13.71 and 
Lemma 13.41 The correctness of the ranking function then follows from the next lemma. 

Lemma 3.9. Suppose that t/* has a non-empty thread preserver P. And let 

p{f, a) = MAXVAK{Var{f) n P) . 
For allG eg, G^ p{s) > p{s'). If g is strict, then G \= p{s) > p{s'). 

Proof. Let G |= (/, cr) i— > {f',a'). By the definition of a thread preserver (but noting that 
it is a G* thread preserver!), we have, for all y G {Var{f') P), cr{x) > cr'{y) for some 
X G Var{f) (1 P. For y such that a{y) is maximum, we have p{f',a') = cr{y), whereas 
Pifi^^) > cr{x). Combining the three relations, we get p{f,a) > p{f',a'). 

If g is strict, then a{x) > a'{y) and the inequality becomes strict. □ 
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4. FAN-OUT Free SCT 

We are given a fan-out free positive SCT instance Q. We assume that Q is strongly 
connected and that |V(2r(/)| = n for all f F, and let m = \F\. We shall construct a 
ranking function for Q, and then discuss its size (getting an upper bound which is later 
shown to be tight). A brief outline of the construction follows: 

• Transform Q into a strict, fan-out free SCT instance. 

• Use Theorem 13.31 

• Optionally, optimize the ranking function for size (without this stage, the desired upper 
bound on size may fail to hold). 

Next, the construction is described in detail, along with proofs and some illustrations. A 
complete demonstration of the process for a (very small) example can be found at the end 
of the section, along with some comments regarding the implementation of the algorithm 
(which is initially described in a very abstract manner, just to make the theorems clear). 

4.1. The basic construction. 

Definition 4.1 (Vectors). For flow-point / € -F and positive integer B, is the set of 
tuples = {vi,V2, ■ ■ ■) of even length, where every odd position is a non-empty subset of 
V(3r(/), together constituting a partition of the latter; and every even position is an integer 
between and B. 

Remark. The distinction between a vector and its components is indicated here by font. 
Thus, Vi is the rth entry of v, while Vj is the ith vector in some sequence of vectors. For 
notational convenience, we may make use of a double-meaning expression \vi\ > which 
means, if i is odd, that the set Vi contains more elements than n,; and if i is even, that the 
integer Vi is greater. 

Definition 4.2. The value of v G in a given program state (/, o"), denoted ct(v), is 
obtained by substituting the values of variables according to a, so every subset of variables 
becomes a multiset of data values. This results in a tuple with multisets and integers in 
odd and even positions, respectively. Such tuples are compared lexicographically, where 
multisets are compared according to one of the multiset orders (we use SMO, as long as a 
total order is not required). We define the min and max operators on vectors by the lexi- 
cographic extension of the corresponding total multiset order, according to Definition 12.161 

In the rest of this section, i? = m • 2". Since B is fixed, Vj^ may be written as Vf. 

Definition 4.3. For S C Var[f) and a size-change graph G : f ^ g, define Im(S', G) to be 
the set of y such that x ^ y G G with x G S. 

Observe that, as we are only dealing with fan-out free graphs in this construction, 
|Im(S', G)| < l^l, with equality only if we have a one-to-one correspondence, where for 
every element of S (respectively Im(S', G)) there is a single arc in G connecting it to the 
other set. It is quite easy to see, that such correspondence implies a (weak) SMO descent 
from S to Im(S', G) (if at least one of the connecting arcs is strict, we have strict descent). 

Definition 4.4. Let v G Vf, and G : f ^ g. For an odd position i in v, let 

Im,(v,G) =Im(t;„G)\ [J lm{v,,G). 

odd j<i 
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We say that position i is descending if |Imi(v, G)| < \vi\ or [Imj(v,G)| = \vi\ and there 
is a strict arc in G from x G u j to y G Imj(v, G). 

Note that the only other possibihty is |Imj(v, G)\ = \vi\ and ah arcs from Vi to Imj(v, G) 
non-strict. So, a descending position's value either strictly descends in multiset order, or 
at least weakly descends. In the next definition, we use the numeric positions in order to 
make the vector decrease strictly when there is no descent in the set-valued positions. We 
also use them to avoid having empty sets in the set-valued positions. 

Definition 4.5. Given a size-change graph G : f ^ g, and v G Vj, next(v,G) G is 
defined by cases, as follows. 

Case Nl: If i is the first descending position and |Imj(v, G)[ > 0, 

next(v, G) = (Imi(v, G), t;2, Im3(v, G), . . . , Im,(v, G), B, S, B) 

where S is the set of g variables not occurring up to position i; if S turns out to be empty, 
omit the final suffix S", B. 

Case N2: If i is the first descending position and |Imj(v, G)| = 0, 

next(v,G) = (Imi(v, G), t;2, Im3(v, G), . . . , Imj_2(v, G), ^jj-i - l,S,B) 

where S is the set of g variables not occurring up to position i — 2; note that it cannot 
be empty. The above expression assumes that i > 1 and Wj-i > 0. If either of these 
conditions is not met, next(v, G) is undefined. 

Case N3: No position is descending. The last position is Vi (an integer). 

next(v, G) = (Imi(v, G), i;2, Im3(v, G), . . . , Imi_i(v, G), - 1) 
assuming that vi > 0; if vi = 0, next(v, G) is undefined. 

Note that a size-change arc of G that leaves a variable x £ Vi never reaches a variable 
in a higher position of next(v,G); it may reach position i or a lower one. Here is a more 
substantial observation: 

Observation 4.6. In a program transition (/, cr) {g,a'), the value of next ( v, Gc) in 
{g,cr') (if defined) is strictly smaller than the value of v in {f,(j). 

Thus, we can use these vectors to construct an instance of strict SCT. Note that the 
descent is justified by the definition of next and by size-change graph Gc. Therefore, a 
ranking function built on the base of this descent can be statically verified to decrease, 
based on Q. 

Definition 4.7. TZ is an all-strict, fan-out free SCT instance with CFG as in Q, where the 
variables for flow-point / are the vectors Vy, and the size-change graph G^ for arc c G G/g 
has arcs v — > next(v, Gc) for all v G V/ such that next(v, Gc) exists. 

Clearly, TZ is fan-out free. Note that this implies that, given a multipath and a specific 
vector at its source, a unique thread can be followed from that vector until it either stops 
at the end of the multipath or reaches a vector with no outcoming arc. Such a thread 
is a chain of vectors obtained by repeated application of next. For an example, Figure [6] 
shows three size-change graphs of an instance Q and Figure [7] shows a single thread from 
an 7?.-multipath. Note that there is lexicographic descent at each step. 
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Figure 6: A fan-out free SCT instance. 
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Figure 7: A thread of vectors, corresponding to the call sequence 3212. The first position 
of each vector is at the bottom. The horizontal arrows show the corresponding 
size-change graph and the applicable case of Definition 4.5. 



We now introduce some notation and concepts used later in analysing TZ. Let M'^ = 
G1G2 . . . denote a ^-multipath, and the corresponding 7?.-multipath (following the same 
CFG path). Let r denote a thread in M^, namely a sequence vq, vi, . . . such that Vj = 
next(vj_i, Gj). The passage from Vj-i to Vj will be called a step and written compactly 

as Vj_i Vj. 

Definition 4.8. The i-band of r is the sequence resulting from trimming all vectors in r 

to their i-prefix, i.e., the first i positions. We say that r is i-stable if for all steps v ^ v' in 
r, no odd position k < i is descending. 

Wc denote by Pi{v) the set of variables appearing in the i-prefix of v. 

Lemma 4.9. Suppose that i is even, and t is an TZ-thread with a stable i-band. Then none 
of the numeric (even) positions below i changes along t, while the last one (position i) may 
decrease, but cannot increase. 

Proof. Straight-forward from definition of the next relation and z-stability. □ 

On the other hand, if the i-band is not stable in r, then either position z or a lower 
numeric position must be reset to B once or more along r. 

Theorem 4.10. 7^ satisfies SCT. 
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Figure 8: An illustration of Case 2 in the proof of Theorem 4.10. 



Proof. Let /q be the initial function of Q and let vq = ( V(3r(/o), B). Wc claim that in every 
TZ multipath (in particular, an infinite one) starting at /o there is a complete thread starting 
at Vq. Since TZ is strict, this means that every infinite multipath has an infinitely-descending 
thread, hence SCT is satisfied. 

Suppose to the contrary that there is a counter-example M^. In fact, let be a 
shortest counter-example. Then ends in a graph and there is a thread r leading 
from vo at the front of up to a node v on the source side of such that next(v, Gc) 
is undefined. 

Let us review the cases in which next(v, Gc) is undefined: 

(1) |Imi(v,G)| =0. 

(2) The first descending position is i and |Imj(v, G)| = and Vi-i = 0. 

(3) No position is descending and the vector ends with a 0. 

We next undertake to derive a contradiction in each of these cases. 

Case 1. This case implies that there is no complete thread in M*^; indeed, when looking 
at the vectors of r, we see that initially all the variables are in the lowest position, and all 
threads must stay there (review the definition of |Imj(v, G)|); by the definition of this case, 
none of them survives to the end of the multipath. 

Since Q is strongly connected, it is possible to complete M*-' by adding size-change 
graphs, if necessary, so that the multipath ends at /q. We thus obtain a cycle without any 
complete thread, which contradicts the SCT property of Q (repeat the cycle forever and 
obtain an infinite multipath without infinite descent). 

Case 2. |Imj(v, Gc)| = 0, Vi-i = while for all odd j < i, |Imj(v, Gc)| = \vj\ and there are 
only non-strict arcs between vj and Imj(v, Gc). 

Observe that Vi-i can only reach by being decreased repeatedly, from the last point 
where it had a value of B down to zero; this means that the z-band of r is stable. 

Informally speaking, we can ignore the i-band and look at the vectors starting at the 
ith position, and there we will find a situation similar to Case 1. For this reasoning to 
be correct, it is necessary that the set of variables within the i-band be the same at the 
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beginning and the end of the "bad" multipath. We will use a pigeon-hole argument to show 
that such a situation must occur. 

G 

Consider the steps ^t-i ^ of r where position i — 1 is decremented. Label each such 
step with its target flow-point, say /, and the subset Si = Pj_i(vt) C Var{f). The value 
B = m - 2^ guarantees that some pair (/, Si) must occur twice. Choose two positions s < t 
that get the same label (/, Si). Then next(vs_i, G^) as well as next(vt_i, Gj) are defined 
by (N2). Therefore, has S2 = Var{f) \ Si in position i. In addition, |Imj(v(_i, Gt)| = 0, 
that is, the set in position i has no outgoing arcs in Gt- 

Now, consider the ^-multipath C = Gs+i ■ ■ - Gt, starting and ending at / (Figure [8]). 
The set Si is carried by non-strict threads of G unto itself, while no complete thread starts 
and ends within S2. Conclusion: repeating this cycle infinitely many times, there will be 
no infinite descent, contradicting the termination of G- 

Case 3. No position in v is descending and the vector ends with a 0. 

This case can be seen as a sub-case of Case 2, where Si includes all variables. □ 

Theorem 4.11. Suppose that G is a fan-out free, positive SCT instance. Let B = m ■ 2". 
There exists an indexed set {Sf}, where Sf C for every f & F, such that the function 
Pf{cr) = MINVAL(jS/ is a ranking function for Q. This ranking function can he effectively 
constructed given Q . 

Proof. Since TZ is all-strict, fan-out free, and satisfies SCT, Theorem 13.31 applies. By con- 
structing IZ and computing its maximal thread preserver, we find the sets of vectors whose 
minima comprise the ranking function. □ 

Practically, TZ need not be constructed to its full doubly-exponential size; see Sec- 
tion [331 

4.2. A useful observation. We note a fact that will prove useful in the sequel. Suppose 
that we modify the SMO into a partial order SMO^ by defining sets of different cardinalities 
to be incomparable. We can still carry out our construction. The trick is simple: if we 
replace a set S by the pair (|S|,S), the intended order is restored. An extra numeric 
position before a set-valued position Vi is not actually needed, because it can be merged 
into the numeric position Vi-i (replacing (vj-i, \vi\) with vi-in + \vi\\ the upper bound B 
changes into Bn). The case of vi is different: here the prefix \vi\ is not necessary at all, 
because in an infinite thread, the size \vi\ must be eventually constant. 

4.3. The size of the ranking function. If the size of the ranking function (more precisely, 
the expression for that function) is of interest, the expression that results of the previous 
construction should be optimized by eliminating redundancies, as explained next. 

Definition 4.12. Let v, u S Vf. The relation v ^ u holds if there is an index i, such that 
for all j < i, Vj = uj, while \vi\ < \ui\. 

Observation 4.13. If v ^ u then, regardless of the values of variables, the value of v is 
lexicographically smaller than the value of u. We say therefore that v dominates u. 

Clearly, if there are dominated vectors in the ranking expression, they can be dropped. 
A set without dominated vectors is said to be in normal form. 

Lemma 4.14. Any set R QVf in normal form satisfies \R\ < n\ . 
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Proof. Observe that ah first positions of vectors v € i? must contain sets of the same size ki. 
We prove the lemma by induction on n — li ki = n then there is just one set and clearly 
\R\ = 1. If A;i < n there are at most (^) different sets in the first position. Given any 
choice 5*1 for the first position, the number in the second position is unique (by normality). 
If we choose from R just the vectors beginning with 5*1 and drop the first two positions, we 
obtain a normal set over n — ki variables. By the induction hypothesis, its size is bounded 
by (n — ki)\ and the bound on readily follows. □ 

Corollary 4.15. Every fan-out free, terminating SCT instance has a ranking function of 
form p/(cr) = MINVALcr/S/ with Sf C.Vf in normal form. In particular, \Sf \ < n! . 

We can also simplify the form of the function — expressing it without the use of multisets. 
Let Vj^ be the set of vectors in which all odd positions are singletons. When working 
exclusively with such vectors, the multiset concept is redundant. One can define the value 
of a position holding {x} as cr{x) and consider the vectors to have values in {Val x N)". 

For V G V/-, a simplification of v is obtained as follows. For every odd position i, replace 
the set Vi with a list of its elements (if \vi\ > 1, there are different ways to do that, so there 
are many simplifications). Insert between any pair of consecutive non- numerical positions, 
to obtain an element of V^. For R Q Vf , let R be the set of all simplifications of v G i?. 

Lemma 4.16. Suppose that Sj C Vj^ and Sg C Vf are normal. If MINVAL^S*/ > 
MINVAL<^/5g, then also MINVAL^S^j > MINVAL^/S^g. 

Proof. Let v G S'j be the vector of minimal value (under a). Consider v; the assumption 
MINVAL.^S'/ > MINVAL^/Sg imphes that there is a vector ue Sg such that a'{u) < (t(v). 
Note that this is a lexicographic comparison. Thus there is an index i such that for all j < i, 
cr'{u)j = cr{v)j, while a'{u)i < cr(v)j. 

The equalities at positions j < i mean that for all the sets in such positions, the elements 
of Uj can be arranged to match elements of Vj of equal value as they appear in v. Thus we 
build a simplification u whose value is identical to that of v up to position i. If this position 
is numeric, then we can clearly complete the simplification and obtain <t(v) > o"'(u). If 
position z is a set, the multiset inequality cr'{u)i < cr{v)i means that, if the elements of 
both vectors are arranged in ascending order of value, the vector obtained from Ui will be 
lexicographically smaller. Observe that among all listings of the elements of a multiset, the 
ascending list is lexicographically smallest. Therefore, the elements of Vi must appear in 
V in exactly that order (as it is minimum in Sf). Now, arranging the elements of Ui in 
corresponding order, we obtain a simplification u that is smaller than v. 

Thus some element of Sg has smaller value than v, which shows that MINVALg-'S'g is 
definitely smaller than v. □ 

Theorem 4.17. Every fan- out free, positive SCT instance Q has a ranking function of form 
pf{a) = MINVAL^S/ with Sf C Vf^ and \Sf \ < n! . 

Proof. We start with a ranking function as claimed in Theorem 14.111 and replace every set 
Sf by its simplification; then we remove dominated vectors to obtain a normal set. □ 
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4.4. When the CFG is not strongly connected. For completeness, let us explain how 
ranking functions of the kind constructed in this paper should be adjusted when the control- 
flow graph is not strongly connected. 

Suppose that the CFG of Q consists of several strongly connected components (SCCs). 
Let Ci, . . . , Cfc be a reverse topological ordering of the components. If the size-change graphs 
in every component are fan-out (or fan-in) free, our constructions yields a function Pf{cr) 
that decreases in every transition within a component (note that we construct the function 
separately for each component, but it can be considered as one function; no conflicts arise 
because every flow-point / belongs to a unique component). 

Next, define p'{s) for any state s = (/, cr), where / G Ci, by prepending i to Pf{cr) (this 
gives a vector with an extra numeric position at its beginning). It is easy to see that p' is 
a ranking function for Q. 



4.5. An example, and a simplification of the algorithm. Next, we carry out the 
construction for a very small example. Small, but hopefully illustrative. In fact, the example 
will illustrate how the construction can be made simpler and much more efficient than a 
literal implementation of the proof of Theorem 14. Ill After explaining the example, we will 
also formulate the simplification in general terms. 

Our example is an instance with F = {/}, Var{f) = {x,y} and Q = {6*1,^2}, where 

Gi = {x y, y y}, G2 = {x -^^ x, y ^ x} . 

We have i? = m • 2" = 4. We will not construct TZ in full, which would have meant (if we 
followed Definition 14.71 literally) creating an instance with \Vf\ = 36 variables. Instead, we 
note that according to the proof of Theorem 14.101 it suffices to find the vectors reachable 
from vq = (Var(/o),i?) by applications of next; this will be a smaller sub-instance of TZ 
which satisfies the theorem. 

So, the actual procedure is as follows: we initialize a collection S of vectors to {vq}. We 
repeatedly compute, for each vector v G S, and Gi G G, the result of next(v, Gi), adding it 
to S, until S does not grow any further. We describe the result of this process as a graph, 
where the arcs out of v describe the applications of next(v, Gi) in the construction: 

Gi 

G ^ 

({x,y},4)^i-({y},4,{x},4) 

'i 

({x},4,{y},4) 

G2 

The set of all four vectors is a thread preserver, as each of them has an outgoing arc 
both under Gi and under G2. We conclude that 

p(x,y)=min(({x,y},4), ({y}, 4, {x}, 4) , ({x}, 4, {y}, 4) , ({x}, 3, {y}, 4)) 

is a ranking function. Removing dominated vectors, we reduce the expression to 

p(x, y) = min(({y}, 4, {x}, 4) , ({x}, 3, {y}, 4) ). 



G2 



Gi,G2 
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The fact that the set of vectors constructed, S, constituted a thread preserver, is not 
an incident. We next demonstrate this in general. This means that the way of computing 
S not only economizes on the size of TZ, it also obviates the need for an MTP computation. 

Theorem 4.18. Let S CVj- be the closure of the set {vq}, where vq = {Var{fQ),B), under 
the operators next(v, G) for all G ^ Q. This set is a thread preserver in TZ. 

Proof. By the definition of S", if v G Vj is in S, this is because there exists a sequence 
Vq, vi, . . . , Vfc = V such that for all i, Vj = next(vj_i, Gi) for an appropriate Gj. Thus, in 
the 7^-multipath M = G1G2 ■ . . G^, vector v lies on a thread r emanating from vq. The 
crucial observation now is that, since TZ is fan- out free, there is just one such thread. This 
fact was not used in the proof of Theorem 14.101 but it means that we can deduce from the 
proof that this particular thread r can be continued in any 7^-multipath extending M, say 
MGk+i. Thus, for any applicable G^+i, next(v, G^+i) is defined — and has to be in S. 

We conclude that S has the property of a thread preserver. □ 

This technique can be pushed a little further, as shows the next theorem. 

Theorem 4.19. Considering S as the node set of a directed graph {S,A) (with arcs v — > 
next(v, G) ), let C he a sink SCO of this graph. Then C is a thread preserver. 

Proof. The thread-preservation follows directly from the definition of S plus the fact that 
no arc leaves a sink SCC. □ 

Thus, a standard SCC algorithm (which runs in linear time [7]) suffices for obtaining a 
thread preserver, which can be smaller than the MTP, since it is actually a minimal thread 
preserver (as the interested reader may verify). In the last example, this TP consists of the 
two vectors that wound up in the final ranking function. It is not true in general, however, 
that the SCC will be a normal set (free of dominated vectors), as was the case with this 
example. A counter-example is given by ^ = {Gi,G2}, where 

1 = {x ^ X, y ^ y, z ^ y|, G2 = |y ^ z, z ^ zj . 

An additional implementation tip. The value of B used in Theorem 14.111 m • 2", becomes 
unwieldy if n is large. In fact, it is an overestimate. Even theoretically, the range to i3 
will never be fully used (the interested reader is invited to prove it), and in most cases a 
much smaller range will be needed. The right way to implement the numeric positions is by 
inverting the interval [0,5], so that they are initially and increasing, instead of starting 
at B and decreasing. For preserving the natural order on numbers, invert again once the 
true range necessary for an instance has thus been discovered. 

Other optimizations. The reader may have noticed that the function: 

p(x, y) = min(({y}, 4, {x}, 4) , ({x}, 3, {y}, 4)) 

can be simplified to 

/5(x,y)=min(({y},4), ({x},3)) 

while remaining a ranking function. We have not generalized this observation or formulated 
a procedure to find such savings. 
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5. Fan-in Free SCT 

The fan-in free class of SCT instances is symmetric in nature to the fan-out free class. 
This symmetry has been used in [3] where it was also observed that transposing graphs, 
which clearly makes fan- in into fan-out (and vice versa), also has to do with exchanging 
min-descent with max-descent; this is illustrated in the simple results cited in Section [3.21 

In this section, we show how to use transposition for applying the construction and 
results of Section H] to fan-in free graphs. The arguments here are somewhat subtler than 
those of Section 13.21 since they involve the semantic connection between Q and TZ. To do 
this precisely, we have to review some of our concepts and results with an eye to more 
generality. 

We begin by noting that the SCT condition (Section 12. 2p is completely independent 
of the semantic interpretation of size-change graphs, involving the order relation on Val, 
to which we now assign the notation < yai- This order is relevant however for defining the 
transition system Tg (Definition 12. 7p . so for clarity we may notate it as Tg[<y(iJ. Note that 
the assumption that the order is well-founded is only necessary for justifying the conclusion 
regarding termination of Tg. In particular, the construction of TZ is, obviously, completely 
syntactic, while the justification of its size-change arcs can be put in more general terms as 
follows. 

For a given order <vai, let SMO^ [<yaz] denote the simple multiset partial order (as 
described in Section 14. 2p parameterized by the order < vai for set elements. 

Definition 5.1. For given orders <vai and <b (with carrier sets Val and [0,-B], respec- 
tively) , let ( Val (X)" B) denote the set of tuples {vi,V2, ■ ■ ■) of even length, where every odd 
position is a non-empty multiset over Val, together containing n elements; and every even 
position is an integer in [0,5]. The lexicographic partial order on (Val^'^ B), obtained 
by ordering odd positions with SMO^[<v'ai] and even positions with <b, is denoted by 

<Val «>" <B- 

The following is a parametrized rereading of Observation 14. 6t 

Claim 5.2. For a size-change graph G and a vector v, 

{{f,a),{g,a')) G Tg[<val] =^ a'(next(v, G)) <val ®" <B C7{v) . 

This shows that the interpretation of TZ as size-change graphs works in the general 
setting. 

We now move to transposition. In Section [3T2l we observed that the SCT property of Q 
is preserved under transposition. But what do the transposed graphs describe? The natural 
answer is given by the equation 

Tgt[{<ValY] = iTg[<Val]Y 

(a transposed relation is defined in the natural way; <* is the reverse order relation, >). 
Here is a useful lemma concerning transposition. 

Lemma 5.3. ii<vaiY <bY = <Vai ^"(<b)*. 

We leave its proof to the reader; note that using the partial version SMOt helps to 
avoid the asymmetric definition of SMO for sets of different size. 

Theorem 5.4. Let Q he fan-in free, positive SCT instance, and let B = m ■ 2"" ■ n. There 
exists an indexed set {Sf}, where Sf C V^ for every f & F, such that the function Pf{cr) = 
MAXVALo-S"/ is a ranking function for Q . 
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This ranking function can he effectively constructed given Q. 

Proof. Observe that this is a version of Theorem l4.1H with MINVAL changed into M AXVAL 
(this will be justified shortly) and B multiplied by n to compensate for the use of SMO^ 
instead of SMO (see Section [4.2j) . Now, we describe the construction of p. 

Given Q, construct Q^; note that will be fan-out free. Thus IZ can be constructed from 
it as in the last section, and it is fan-out free and strict. Since the interpretation of uses 
the ordering <vai-, the semantics of IZ is given by a transition system 

Tn[{<vai)' ®" <b]. 
Now, 7^*, is strict, fan-in free, and interpreted under the order {{<vaif 

Since IZ satisfies SCT (as proved in the last section), so does 7^*, and by Theorem l3.8l it 
has a ranking function p of the form stated in the current theorem. This function decreases 
under the ordering {{<vaif "X)" <_b)*- 

Since by Lemma [5?3l {{<vaif ®^ ^bY = <Vai ®" (^b)*, we find that p descends under 
the usual ordering of V^, except that the numeric positions are ordered in reverse (<_b* 
instead of <b)- But this can be easily fixed by exchanging every value V2i by B — V2i, so 
that descent in {<vai <b) is obtained. □ 

The simplifications considered in the previous section also apply here. 

Corollary 5.5. Every fan-in free, positive SCT instance has a ranking function of form 
Pf{a) = MAXVAL^5/ with Sj C Vf and \Sf\ < n! . 

6. Lower Bounds 

Our upper bound on the size of the ranking functions is exponential; more precisely, up 
to re! vectors under the min or max sign, for every flow-point. What is the true complexity? 
In this section we provide (mostly) explicit lower bounds, that is, lower bounds on the "size" 
of any ranking function for a speciflc family of SCT instances. In order to prove such a 
result, it is necessary to make assumptions on the form of the ranking function. We progress 
through three types of ranking functions that generate vectors of variables and constants, 
as our constructions do. The first type precludes the use of multisets, the second allows 
them with a restriction, and the third is the most general. 

All our examples are for a CFG with a single node /. We consider a class of ranking 
functions that can be described by assigning an element v € Vj^ to any total order r on 
Var(f), such that if the values of variables in state s satisfy r, then Pf{s) is given by v (we 
can ignore the value of the function in the case that some variables tie). The value of B 
is left unspecified. Note that the constructions in this paper are of this kind, since if the 
order of variable values is known, the lexicographic or multiset minima and maxima can be 
deduced. We call such ranking functions VSO (for Vectors Selected by Order). 

Definition 6.1. Let s = {f,cr) be a state, and tt € S'„ an re-element permutation. We say 
that a state s has order vr whenever iri < nj <^=^ s{xi) < s{xj) for all i,j. If the values of 
variables in s are distinct, tt is unique and we denote it by Order(s). 

Definition 6.2. Let p{f,a) (or Pf{cr)) be a function over states with co-domain . Such 
a function is called a VSO function if there is, for each /, a function p*^ : Sn ^ Vj^ such 
that, for all s = {f,cr) where the values of all variables are distinct, we have Pf{cr) = 
s{p*f{Order{s))) (recall that s(v) is the value of vector v in state s). 
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We knowingly disregard the states where variable values are not distinct. 

The lower bounds in this section apply to the number of distinct vectors in the image 
set of p*j, i.e. to the size of the set p*^{Sn)- Thus they apply to the number of vectors under 
the min or max operators in functions expressed as in Theorems 14.111 and 15.41 All our 
constructions are fan-out free instances, and the lower bounds are very close to the upper 
bounds we had for this class. 

We believe that in a certain sense, a ranking function generated by a general SCT- 
based construction (i.e., not using any other information, say about Val) has to be a VSO 
function (or representable as one) since all that is assumed of the data Val is that they are 
ordered, so decisions can only be based on order; and variable values can be put into tuples 
or multisets, but not otherwise used in expressions. We have not formalized this intuition, 
however. 

6.1. Preliminaries. The set Var{f) is written in the following examples as {xo,xi, . . . , Xn} 
(so there are actually n+1 variables). States may be written in the form [xq i— > uq, . . . , i— > 
Vr,\. In our examples, values are non- negative integers, and xq is always largest. We also 
assume that all variable values are different. Therefore, the ordering of variable values 
in a state will be described by a permutation on [1, . . . ,n], reflecting the ordering among 

Xl, . . . , Xfi. 

We denote by / the identity on [1, . . . , n] and by the permutation exchanging i and 
j. Composition of permutations is defined by the rule {1^17^2)^ = T^i{T^2i)- For a state s, sir 
denote the result of the action of vr on the state s, defined by (s7r)(xj) = s(x7ri). 

6.2. Simple ranking functions. We observed (in Section that it is possible to restrict 
all our constructions to vectors which do not employ multisets (technically, all odd positions 
are singletons). A ranking function of this type is simple. We begin by proving a lower 
bound for simple ranking functions. 

Theorem 6.3. Let n > 0. There is a fan-out free positive SCT instance Q with a single 
flow-point, n + 1 variables and n size-change graphs such that any simple VSO ranking 
function pf for Q satisfies \p*j[Sn)\ > ri\. 

Observe that this lower bound matches almost exactly the upper bound of Theo- 
rem H7T71 

The proof of the theorem breaks into the following parts: (1) construction of the SCT 
instance; (2) proof that SCT is satisfied; (3) proof of the lower bound. 

Construction 6.1: SCT instance Q. Let Q = {Gi, . . . , where for k = 1, . . . , n — 1, 

Gk = {xk ^ Xk+i-,Xk+i ^ Xk}yJ {xi ^ Xi\i k,k + 1}\J {xq ^ Xq} and 

Gn = {Xi^ Xi\l<i <n}\j{Xn-^ Xn}. 

(See Figure [9] for an illustration.) 

Observe that any contiguous sequence of the graphs Gi, . . . , Gn-i represents (or "ef- 
fects") some permutation vr on in the sense that every Xi is carried by a 
(non-descending) thread to Xtt^. Henceforth, we call this "a permutation multipath" Mt^. 
Note that for every permutation vr G Sn, there is a multipath effecting it, less than n? long, 
according to well-known ways of composing any permutation of exchanges. 
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Figure 9: A partial view of two graphs from Construction 6.1 and one from Const. 6.2. 
Lemma 6.4. Q satisfies SCT. 

Proof. In any infinite ^/-multipath that does not contain G„ (or where Gn occurs a finite 
number of times), there is infinite descent at xq. In a multipath that includes an infinity of 
G„'s, the thread at is lost but each of xi, . . . , x„ begins a separate infinite thread. At each 
occurrence of G„, one of these threads descends, so there is at least one thread of infinite 
descent. □ 



Lemma 6.5. Let pf be a simple ranking function for Q andv 
TT. Then xq is the last variable that appears in v. 



Py(7r) for some permutation 



Proof. Consider a state s with Order{s) = tt, so Pf{s) = s(v). Let i> 0. Let s' be identical 
to s except that xi decreased and xq increased, while the relative order of variables remains 
vr, so Pf{s') is also given by v. Note that M^-^^GnM^^^- \= s s'. Thus, we must have 
Pf{s) > Pf{s'), so Xi must appear in v before xq. Since this conclusion holds for every 
z > 0, it follows that xq must be last. □ 

For any v, let LIST(v) denote the permutation that describes the placement of variables 

in V (excluding xq which we know to be last). That is, LIST(v)i = j indicates that the ith 
variable occuring in v is xj. For a permutation tt, we use the following abbreviations: 
is pj.(7r); is LIST(v^). 

Lemma 6.6. Let pf be a simple ranking function for Q and 7r,T G Sn- Then tL^ = -kLt^. 
Moreover, vectors Vr and have the same constants in the even positions below position 
2n. 

Proof. Assume the contrary. Consider the first position that violates the lemma. Suppose 
first that it is an odd position 2i — 1, containing a variable. Thus, letting k = L-j-i and 
j = L-i^i, we have rk / ttj. Assume for the rest of the proof that rk > vrj (otherwise, 
exchange r and tt). 

Let s = [xj TT j for 1 < j < n,XQ i-^ n + n^] . Note that Order{s) = vr. Thus, 
Pf{s) = s(v^). Let s' = [xk rk loi 1 < k < n,xo i-^ n + 1]. Note that Order{s') = r. 
Thys, Pf{s') = s'(vt-). It should be easy to see that M^-i^ \= s ^ s' . 

For all positions up to 2i — 1, the contents of Pf{s) and Pf{s') are the same. In position 
2i — 1, Pf{s') has s'(xfc) = rk, while p/(s) has s{xj) = nj. Now, By our assumption, 
rk > nj, so s'(xk) > s{xj). We conclude that lexicographic descent fails, which contradicts 
Pf being a ranking function. 

Next, assume that the first position that violates the lemma is an even position 2i < 2n, 
containing a constant. The refutation is very similar. □ 
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The proof of Theorem 16.31 is now concluded since the last lemma implies that a distinct 
vector corresponds to every permutation. 

6.3. Simply-ordered multisets. Now we move to ranking functions with multisets of 
any size. In Section 12.51 we described forms of multiset ordering; our ranking functions are 
constructed so that the change in every multiset value across a transition alway agrees with 
what we called the simple multiset order or SMO. This means that the relation between 
multisets of the same size must be expressed by a 1-1 correspondence of the elements. This 
subsection gives a lower bound under this restriction. 

Theorem 6.7. Let n > 0. There is a fan- out free positive SCT instance Ti with a single 
flow-point, n + 1 variables and 2n — 1 size-change graphs, such that any SMO-descending 
VSO ranking function pf for 71 satisfies \p*j{Sn)\ > n\. 

Observe that this lower bound, too, closely matches the upper bound of Theorem 14.11^ 
though a larger class of functions is considered. The proof proceeds through the same stages 
as the last one. 

Construction 6.2: SCT instance 7i. Let 7i = {Gi, . . . , Gn-i,Hi, ■ ■ ■ , Hn}, where the Gk 
graphs are identical to those of Construction 6.1, namely 

Gk = {xk Xk+i,Xk+i ^ Xk}li{xi^ Xi\i^k,k + l}U {xo xq} 

while for i = 1, . . . , n, 

Hi = {xj — > Xj I < j < i} U {xj Xi \ j > i}. 
Thus, Ti contains G (note that Hn is the same as G„ of Q). 
Lemma 6.8. Ti satisfies SCT. 

Proof. In any infinite ?^-multipath that does not contain ff-graphs (or contains a finite 
number of them), there is infinite descent at xq. In a multipath that includes an infinity 
of H^s, the set {xi, . . . , Xn} descends infinitely in dual multiset order, ensuring termination 
(the restriction to SMO in Theorem 16.71 only applies to our ranking function, not to this 
proof!). □ 

Lemma 6.9. Let pj be a SMO-descending VSO ranking function for Ti and let v^r = /5j(vr) 
for some permutation vr. Then xq only appears in 's last position. 

Proof. Essentially the same as for Lemma [6.51 Note that since xq increased from s to s', we 
cannot obtain simple multiset descent in any set of variables that includes xq. Therefore, 
Xi must appear strictly before xq, not even in the same set. □ 
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Figure 10: A partial view of two graphs from Construction 6.3. 

Lemma 6.10. Let pf, vr and as above. Then every odd position of v.,^ is a singleton. 

Proof. The proof is by contradiction, as in Lemma 16. 6[ Consider the first position that 
violates the lemma for some vr E S"™- Suppose that it is position 2i — 1. Let A be this 
element of Vjr, that is, the ith set-valued element. Let Xa be the variable in A such that 
6 = vra is smallest. 

Let s = [xj 1—^ 27rj for 1 < j < n,xo i— > n + n^]. Note that Order{s) = vr. Thus, 
Pf{s) = s(v7r). Let si = [xj 1-^ 2j for 1 < j < n, xq i— > ?t. + 1]- Note that Order{s) = /, and 
that 1= s I— > Si. Let 

S2 = [xj ^ 2j for j < 6, Xfo 1-^ 26 — 1, xj i— > 2n + j for j > 6, xq i— > n + n^]. 

Note that Hi, \= si i-^ S2, and Order{s2) is /. Let S3 = (s2vr)[xo <— + 1], so that 
M^-i 1= S2 I— > S3. We have Order{s^) = vr again. 

For all positions up to 2i — 1, the variables and constants in Pf{s^) have at least their 
value as in /3j(s). In position 2i — 1, we have a set that includes the variable Xa, and, if 
1^1 > 1, also other variables of greater indices. In S3, those other variables have values 
larger than in s. Thus, if lexicographic descent (under SMO) is to be maintained, we must 
conclude that |^| = 1. □ 

Lemma 6.11. Let pj be a restricted ranking function for 7i and let tt,t Sn- Let = 
P*j{tt), and likewise Vr = P*f{T)- Then rLr = ttLt^. In addition, vectors Vr and v^^ have the 
same constants in the even positions before position 2n. 

Proof. Given the last lemma, the situation is identical to that in Lemma 16.61 and the same 
proof holds. □ 

The proof of Theorem 16.71 is now concluded since the lemma implies that a distinct 
vector corresponds to every permutation. 



6.4. Dual-ordered multisets. We now extend the allowable range of ranking functions 
further by allowing a stronger type of multiset ordering to be used. Since our example 
consists of fan-out free graphs, it is easy to conclude that among the two orders described 
in Section 12.51 it is dual multiset order (DM0) which is promising to be useful. So, we 
consider VSO ranking functions in which multisets are compared by DM0. 

Theorem 6.12. There is a fan-out free positive SCT instance K, with a single flow-point, 
2n + 1 variables and n + 1 size-change graphs, such that any VSO ranking function pf for 
K, (with DM0 descent) must use at least 2" different vectors. 
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Construction 6.3: SCT instance K,. The variables in this example are named xq, . . . ,Xn and 
2/1, • • • 

Let /C = {Gi, . . . , i^x-, Hy}, where the Gk graphs are permutation graphs operat- 

ing on pairs {xi^yi): 

Gk = {xk ^ Xk+ijXk+i —> Xk,yk —> Vk+i^Vk+i ^ Uk] 
yj{xi Xi,yi ^ Ui \ i ^ k,k + 1} 

U{xo xo} 

Graphs H^, Hy operate specially on the first pair: 

Hx = {xi^ xi,yi^ xi}U{xi^ Xi,yi^yi\i> l}U{xo-^ Xo}; 

Hy = {xi ^ yi,yi ^ yi}U {xi ^ Xi,yi ^ yi \ i > 1} 
Lemma 6.13. /C satisfies SCT. 

Proof. Variable xq guarantees descent, except for multipaths that contain Hy. It suffices 
to prove that for each such finite multipath M = MiHyM2, M'^ includes an infinitely- 
descending threacfl. Note that M has this property if and only if M' = M2MiHy does. 
Now, M' has at least two descending threads that end at yi, beginning at Xi and yi for 
some i. If i = 1, the thread from yi is multiplied infinitely in (M')^. Hi ^ 1, observe 
that the effect of M' on the pairs is to permute them, so there is a /c (the order of the 
permutation) such that {M')'' has a yi to yi thread as in the simple case, and we have the 
same conclusion regarding {M')^. □ 

In proving the lower bound on the number of vectors we use tools similar to those of 
the previous proofs. Now, however, we restrict the orderings of variables on which we focus 
in the proof, so that the pairs are kept in increasing order, i.e., 

max(xi,yi) < min(3;2,y2) < max(x2,y2) < min(x3,y3) < ••• 

and, as usual, xq is larger than the rest. The relative order among the elements of each pair 
may change. The ordering of pairs is described by a function a : {1, . . . ,n} {x, y} that 
indicates, for every pair, which variable has the smaller value. Let be the set of such 
functions. Thus the order of values in a given state is described by an element of and 
we use 5^ as the domain of p*jr. 

The basic properties of a ranking function pf for this instance follow the pattern of 
previous examples, so we omit a detailed proof: 

(1) Xq appears last. 

(2) The constants in the even positions below 2n coincide for all vectors returned by p*jr. 

(3) For every odd position, the size of the set is the same in all vectors returned by p*j-. 
The property specific to this construction is as follows. 

Lemma 6.14. Let a G S*^. Letv^ = p*f{ct). Then from every pair {xi,yi}, only the element 
selected by a, that is, the variable of smaller value, is present in v^. 

Proof. The proof is by contradiction, as usual. Consider the first position that violates the 
lemma. Suppose that it is an odd position 2i — 1, containing a set A. 

Case 1: xj ^ A, but a{j) = y. Suppose first, for simplicity, that j = 1. Consider a 
state s described by a, and a state s' where the value of xi is greater than its value in s, the 
value of yi is smaller than in s, other values do not change, and neither does the relative 

^ This sufficiency claim is implicit in ttie proof of Theorem 4 in |10j . 
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order among all variables. Thus, the order at s' is also given by a. Note that Hy |= s i— > s'. 
The multiset of values of A increases from s to s', unless A includes yi. So, we conclude that 
both xi and yi are in A. Now, consider Hx', we can easily have a transition that increases 
the multiset value of A and consequently a lexicographic increase in the value of pf. 

The case where j > 1 is proved by the same argument, using M^^^^HyM^.^ (here M^^.^ 
is a multipath that exchanges the pair {xj,yj) with {xi,yi)). 

Case 2: A includes yj, while a{j) = x. Again, for simplicity, assume j = 1 (otherwise 
use M^.-^ as above). Consider a state s described by a, and a state s' where the value of yi 
is greater than its value in s, other values (except for xq) do not change, and neither does 
the order. This agrees with Hy. Now, Pf{s') = s'(vq); the multiset of values of A increases 
from s to s', a contradiction to correctness of pj. □ 

The proof of Theorem 16.121 is now concluded since the lemma implies that a distinct 
vector corresponds to each of the 2" orderings in S^- 

Remark 1: 2" is tight for the example; a possible ranking function for /C is one that 
returns the minimum over a set of vectors, all of length 3, constructed as follow^: The first 
position contains a set of n variables — one from every pair. All 2"- such sets are present. 
For a vector that begins with set S, the next position contains the number of y's in S. The 
third position is {a^o}- 

Proof: to prove lexicographic descent, the non-trivial case is a transition that does 
not decrease the minimum among the multiset values in the first position (clearly, it never 
increases). Suppose that in such a transition, the old minimum vector was vi = (5*1, ki, . . .) 
and the new one is V2 = (52, k2, ■ ■ ■ )• If ^2 < ^i, we have descent. So, assume k2 > ki, and 
consider what transition was taken. 

• If it is Hx, S2 can only differ from Si if the minimum among {xi,yi} moved from yi to xi 
(the new value of yi being at least as large). But then the number of y's in 5*2 is smaller. 
If 5*2 and Si are the same, we have lexicographic descent because xq decreases. 

• If it is Hy, S2 must differ in value from Si. In fact, there is dual multiset descent in 
{xi,yi}- 

• If it is Gi, given that the multiset does not decrease, ^2 has to be the same set as 5i. So 
k2 = ki, and xq decreases. □ 

Remark 2: The lower bound dropped from 2®("'°s"') to 2®*^"). What is the true com- 
plexity? It's an intriguing possibility that the use of multisets (beyond SMO) might decrease 
the ranking-function complexity (for a single flow-point) to 2^^"'\ 

6.5. On the program size of free-form ranking functions. A "free form" ranking 
function is described by a program; consider, for instance, a program that sorts the variables 
and outputs the sorted list. The size of a program expressing this function can be much 
smaller than the number of vectors in its image (n!). Giving an explicit lower bound on 
the size of general programs seems quite hard. Instead, [2] argues that polynomial ranking 
functions are very unlikely to exist, under standard complexity-theoretic assumptions. This 
is shown for all-strict SCT, using a proof that the decision problem (does an all-strict SCT 
instance terminate?) is PSPACE-hard. We note that the decision problems for fan-in free 
(or fan-out free) SCT are also PSPACE-hard ([lOj gives the proof for fan- in free graphs and 



'Technically, we need to add a dummy fourth element to match the definition of . 
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the fan-out free case follows easily). Thus, the same complexity-theoretic conclusion applies 
to these sub-problems as well. 

7. The Ordinal Height of Ranking Functions 

The fact that existence of a global ranking function follows from a termination proof 
of the local type is immediate from the fact that every terminating program has a global 
ranking function. However what can be deduced from the form or number of local ranking 
functions on the form or complexity of a global one is a difficult question. A recent paper 
by Blass and Gurevich [5] settles the question of the ordinal height of the global ranking 
function. 

• Consider any transitive relation R (in our setting, this will be the transitive closure of the 
transition relation of the subject program, or the SCT transition system as described in 
Definition 1 2. 7p . The goal of the "termination proof" is to establish that R is well-founded. 

• The goal is achieved by describing a finite set Ui, . . . , Um of well-founded relations such 
that RcUiU---{JUm- 

• Blass and Gurevich give a general upper bound on the ordinal height \R\ of R in terms 
of the ordinals Oi = \Ui\. 

In our setting, the covering relations Ui will include two types of relations: 

(1) For all pairs {f,g) of distinct flow-points, there is a relation that includes all pairs of 
states ((/, a), {g, cr')). This relation is well-founded because there are actually no chains 
in it of length greater than one. Removing these parts from R leaves only the part that 
describes cycles, i.e., pairs {{f,a),{f,a')). 

(2) The second group of relations Ui covers all cycles. 

Obviously, the latter group is the interesting one for termination proofs as well as for the 
ordinal-height question, and to simplify the present discussion, we can restrict our attention 
to the case \F\ = 1, so that only the second kind is left. 

In order to get the best bound out of the Blass-Gurevich theorem, we want to cover R 
in the most economical way. To this end we use the following theorem, a rewording of [6l 
Corollary 1]. 

Theorem 7.1 (Codish-Lagoon-Stuckey). Size- change graph G : f ^ f over parameters 
xi, . . . ,Xn satisfies SCT if and only if 

G^{f,a)^ig,a')^ \J a{xi) > a' {xi) . 

l<i<n 

Simply put, this means that the set of n relations a{xi) > cr'{xi) covers the transition 
relation of G. Therefore, the Blass-Gurevich result applies with exactly n relations Ui, all 
isomorphic to Val. In this simple case, Blass and Gurevich's bound becomes q", where a 
is the ordinal height of Val (e.g., oj when Val is the natural numbers, the most usual case). 

Our explicit constructions match this bound, at least for typical domains. Consider the 
construction where the range of the ranking function is described by vectors of length 2n, 
alternating parameters and integers bounded by B. The order type of this range is (Ba)"". 
Whenever a is a multiple of uj, this is exactly a". 

While the ordinal bound matches, our results in this work are not a corollary of Blass 
and Gurevich's result. Note that in the above argument we covered all SCT instances with 
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the same set of n local functions. Obviously, the identity of this set of functions cannot 
reveal any specific structure of a given instance, as does an expression for a ranking function. 

8. Conclusion 

While deducing ranking expressions from size-change graphs has already been shown 
possible before this work, the constructions in this paper are simpler and more transparent 
than previously known. They improve the upper bound on the size of the ranking expression 
and in fact achieve optimality, in a certain sense. 

The constructions employ reductions of SCT instances to instances of a subclass of 
SCT, and applies SCT to data of composite types (tuples and sets). We feel that this 
technique is interesting in itself. 

To argue for optimality, we have introduced a class of expressions that (in our opinion) 
captures all possible ranking functions for general SCT, and a complexity measure (number 
of different vectors in the image) under which we are able to prove lower bounds. 

Several theoretical problems remain. For example: 

• For fan- in /-out free graphs, will the use of multisets and multiset ordering allow ranking 
functions of size 2" to be constructed? Or is our lower bound loose? 

• What is the complexity of ranking functions for general SCT, and how to generate them? 

We remark that our construction relied on fan-out freedom in the construction of the 
instance TZ (Section 14. Furthermore, it is not hard to verify that the forms of ranking 
functions given by our constructions do not suffice for certain SCT instances which are 
not fan-in or fan-out free. The strict SCT instance shown on Page [9] is such an example. 
On the other hand, practically, there is evidence that fan-in free graphs are common. For 
example, in analysing a benchmark of SCT instances derived from Prolog programs [4j, 
we discovered that fan-in occurred rarely once size-change graphs have been "cleaned up" 
by removing arcs unnecessary for the termination proof. 

• How can the construction algorithm given in this paper be improved? Note that as 
presented, it may require doubly exponential time and space, despite the fact that the 
size of the final result is bounded by m • 2*-^ (n log n) . 

Practically, the choice of an algorithm for ranking- function construction and its usage are 
also challenging. It is well known that even algorithms that are worst-case exponential 
sometimes work sufficiently well in many practical cases. It is quite possible that human- 
written programs will not require ranking functions of high complexity. In this work, these 
practical questions have not been studied, as our goal was to examine the theoretical problem 
first. Recent work by Ben-Amram and Codish [3j proposes to use a different class of ranking 
functions which does not cover all SCT instances, but has polynomial expression size; and 
it turns out to suffice for the benchmark that was tried. The compact representation of the 
ranking functions relies on the use of sets of variables inside tuples, an insight gained from 
the work described in this paper. 

Even if a ranking-function construction is provided, the practical goals mentioned — 
certified termination, proof carrying code and execution time analysis — all require additional 
research and implementation work for their realization. 
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